Chapter 1 Arm TrustZone technology

TrustZone technology for Armv8-M is an optional Security Extension that is designed to provide a foundation for improved system security in a wide range of embedded applications.

The concept of TrustZone technology is not new. The technology has been available on Arm Cortex-A series processors for several years and has now been extended to cover Armv8-M processors.

At a high level, the concepts of TrustZone technology for Armv8-M are similar to the TrustZone technology in Arm Cortex-A processors. In both designs, the processor has Secure and Non-secure states, with Non-secure software able to access Non-secure memories only. TrustZone technology for Armv8-M is designed with small, energy-efficient systems in mind. Unlike TrustZone technology in Cortex-A processors, the division of Secure and Normal worlds is memory-map based, and the transitions take place automatically in exception handling code.

Non-secure interrupts can still be serviced when executing a Secure function.

As such, TrustZone technology for Armv8-M is optimized for low-power, microcontroller-type applications:

In many microcontroller applications with real-time processing, deterministic behavior and low interrupt latency are important requirements. The ability to service interrupt requests while running Secure code is critical.

By allowing the register banks to be shared between Secure and Non-secure states, the power consumption of Armv8-M implementations can be similar to that of Armv6-M or Armv7-M implementations.

The low overhead of state switching allows Secure and Non-secure software to interact frequently, which is expected to be commonplace when Secure firmware contains software libraries such as GUI firmware or communication protocol stacks.

Arm TrustZone technology enables the system and the software to be partitioned into Secure and Normal worlds. Secure software can access both Secure and Non-secure memories and resources, while Normal software can only access Non-secure memories and resources. These security states are orthogonal to the existing Thread and Handler modes, enabling both a Thread and Handler mode in both Secure and Non-secure states.

Note: Thread mode can also be either Privileged or Unprivileged.

If the Security Extension is implemented, the system starts up in Secure state by default. If the Security Extension is not implemented, the system is always in Non-secure state. TrustZone technology enables the processor to be aware of the security states available.
Arm TrustZone technology does not cover all aspects of security. For example, it does not include cryptography.

The following figure shows how TrustZone technology for Armv8-M adds Secure and Non-secure states to processor operation:

Figure 1-1 Secure and Non-secure states

In designs with the Armv8-M architecture Security Extension, components that are critical to the security of the system can be placed in the Secure world. These critical components include:

A Secure boot loader.

Secret keys.

Flash programming support.

High value assets.

The remaining applications are placed in the Normal world.

Figure 1-2 Secure world assignment of critical components

Secure (Trusted) and Non-secure (Non-trusted) software can work together, but Non-secure applications cannot access Secure resources directly. Instead, any access to Secure resources goes through APIs provided by Secure software, and these APIs can implement authentication to decide whether the access to the Secure service is permitted. With this arrangement, even if there are vulnerabilities in the Non-secure applications, hackers cannot compromise the whole chip.
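The following host-runnable C model is an added example; it is not code from Arm's documentation or from any Arm library. It illustrates two rules from this chapter together: the memory-map based access rule (Secure state may access Secure and Non-secure memory, Non-secure state only Non-secure memory) and the Secure API pattern just described, in which a service offered to Non-secure callers authenticates the caller and, before touching a caller-supplied buffer, confirms that the whole buffer lies in Non-secure memory so the Secure service cannot be used as a proxy for reading Secure data. The memory map, addresses, key, token, backing store and all function names are constructed for the illustration. On Armv8-M hardware the attribution comes from the SAU/IDAU and a gateway would be a CMSE entry function using `cmse_check_address_range()` from `arm_cmse.h`; the model replaces these with a lookup table and an ordinary function so it compiles and runs on any host.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Security state of the running software: the chapter's Secure / Non-secure states. */
typedef enum { STATE_NONSECURE = 0, STATE_SECURE = 1 } sec_state_t;

/* Attribution of a memory region. On real Armv8-M silicon the SAU/IDAU decide this;
   here a constructed table stands in for them. */
typedef enum { ATTR_NONSECURE = 0, ATTR_SECURE = 1 } mem_attr_t;

typedef struct {
    uint32_t base;
    uint32_t limit;   /* inclusive */
    mem_attr_t attr;
} region_t;

/* Constructed memory map with hypothetical addresses (not any real device). */
static const region_t memory_map[] = {
    { 0x00000000u, 0x0003FFFFu, ATTR_SECURE    },  /* Secure flash: boot loader, keys */
    { 0x00040000u, 0x000FFFFFu, ATTR_NONSECURE },  /* Non-secure flash: application  */
    { 0x20000000u, 0x20007FFFu, ATTR_SECURE    },  /* Secure SRAM                     */
    { 0x20008000u, 0x2001FFFFu, ATTR_NONSECURE },  /* Non-secure SRAM                 */
};

static const region_t *find_region(uint32_t addr) {
    for (size_t i = 0; i < sizeof memory_map / sizeof memory_map[0]; i++)
        if (addr >= memory_map[i].base && addr <= memory_map[i].limit)
            return &memory_map[i];
    return NULL;                                   /* unmapped: never treated as Non-secure */
}

/* True only if every byte of [addr, addr+len) lies in Non-secure memory.
   Empty, wrapping and unmapped ranges are refused (fail closed). */
bool range_is_nonsecure(uint32_t addr, uint32_t len) {
    if (len == 0) return false;
    uint32_t end = addr + (len - 1);
    if (end < addr) return false;                  /* wraps around the address space */
    for (uint32_t a = addr;;) {
        const region_t *r = find_region(a);
        if (r == NULL || r->attr != ATTR_NONSECURE) return false;
        if (r->limit >= end) return true;          /* remainder sits inside this region */
        a = r->limit + 1;                          /* continue into the adjacent region */
    }
}

/* The chapter's memory-map rule: Secure state may touch everything,
   Non-secure state only Non-secure memory. */
bool access_allowed(sec_state_t state, uint32_t addr, uint32_t len) {
    if (state == STATE_SECURE) return len != 0 && addr + (len - 1) >= addr;
    return range_is_nonsecure(addr, len);
}

/* Constructed backing store for the simulation: a 16-byte key at the start of Secure
   SRAM and a 64-byte request buffer at the start of Non-secure SRAM. */
static const uint8_t secure_key[16] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
static uint8_t ns_sram[64] = { 'R', 'E', 'Q', '1' };

static uint8_t read_byte(uint32_t addr) {
    if (addr >= 0x20000000u && addr < 0x20000000u + sizeof secure_key) return secure_key[addr - 0x20000000u];
    if (addr >= 0x20008000u && addr < 0x20008000u + sizeof ns_sram)    return ns_sram[addr - 0x20008000u];
    return 0;
}

enum { ERR_AUTH = -1, ERR_RANGE = -2 };
#define EXPECTED_TOKEN 0xA5A5A5A5u   /* hypothetical credential a caller must present */

/* Secure-side API callable from Non-secure code. On hardware this would be a CMSE
   entry function; here it is an ordinary function with the same two checks:
   1. authentication of the caller, as the chapter describes;
   2. the caller-supplied buffer must lie entirely in Non-secure memory, so the
      Secure service cannot be turned into a proxy that reads Secure data. */
int32_t secure_keyed_sum(uint32_t ns_buf, uint32_t len, uint32_t token) {
    if (token != EXPECTED_TOKEN) return ERR_AUTH;
    if (!range_is_nonsecure(ns_buf, len)) return ERR_RANGE;
    uint32_t sum = 0;
    for (uint32_t i = 0; i < len; i++)
        sum = (sum * 31u + (uint32_t)(read_byte(ns_buf + i) ^ secure_key[i % 16])) & 0x00FFFFFFu;
    return (int32_t)sum;
}

int main(void) {
    printf("NS caller, NS buffer : %d\n", (int)secure_keyed_sum(0x20008000u, 4, EXPECTED_TOKEN));
    printf("NS caller, Secure key: %d\n", (int)secure_keyed_sum(0x20000000u, 16, EXPECTED_TOKEN));
    printf("bad token            : %d\n", (int)secure_keyed_sum(0x20008000u, 4, 0u));
    return 0;
}
```

The range check walks region by region rather than byte by byte, so a buffer that straddles the Secure/Non-secure boundary or runs into unmapped space is rejected even though its first byte is Non-secure; that straddling case is the one a gateway most often gets wrong when it only checks the start address.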
